Bad news:
Those extensions could be used to push spam into your
browser.

Malware and adware vendors have realized that they can take
advantage of Chrome's automatic updates to hit unsuspecting
extension-users, according to Ars Technica.

Ars tells the story of Amit Agarwal, the
developer of an extension called "Add
to Feedly," who was approached by
someone offering to pay "four figures" for his app. Agarwal sold
and transferred the ownership of his extension to another Google
account. A month later, the new owner released an update to the
extension: An update that injected adware on all webpages for Add
to Feedly's 30,000 users. Those users had no idea that the
extension had changed hands, and most probably didn't realize
that it was their new source of spam, since the app had
automatically updated without notifying them.

Unfortunately,
this practice of using extensions to attack users with ads seems
to becoming more common.

What should
you do?

Ars recommends
downloading an extension that will let you know when your other extensions
update, so that you can try to spot correlations between new
updates and increased spam. Plus, if you start noticing more
intrusive ads than usual when you're browsing the web, it's worth
checking the latest reviews of any extensions you're using to see
whether other uses have complained.

Finally, be
wary of simple extensions from small extension makers, as they're
the easiest prey for malicious malware vendors.